Breaches, compromised data levels are up

Sep 20, 2016

Data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015.
According to Gemalto’s Breach Level Index, worldwide, there were 974 reported data breaches and more than 554-million compromised data records in the first half of 2016, compared to 844 data breaches and 424-million compromised data records in the previous six months.
In addition, 52% of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported.
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.
According to the Breach Level Index, more than 4,80-billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months.
“In Africa, the number of data breaches tripled in the first six months of 2016 as compared to the last six months of 2015. Government accounted for 50% and financial institutions 25% of all breaches in Africa. In South Africa specifically, the number of reported data breaches doubled in the first half of 2016,” says Neil Cosser, identity and data protection manager for Africa at Gemalto. “It’s important to note that these relate to publicly reported breaches only and, as such, figures could be even more alarming.
“With government (57% of breaches) and financial institutions (14%) clearly being targeted, it’s important for organisations to start thinking of a long-term solution to protect their data, like data encryption and not to focus purely on perimeter security. Data encryption ensures that even if someone manages to get past a network’s perimeter defences, they are unable to use the data. Encryption in this context is the ultimate way to ‘unshare’ data in shared environments and protect your data.”
“Over the past 12 months, hackers have continued to go after both low-hanging fruit and unprotected sensitive personal data that can be used to steal identities,” says Jason Hart, vice-president and chief technology officer for data protection at Gemalto. “The theft of user names and account affiliation may be irritating for consumers, but the failure of organisations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”
Across industries, the healthcare industry accounted for 27% of data breaches and saw its number of data breaches increase 25% compared to the previous six months.
However, healthcare represented just 5% of compromised data records versus 12% in the previous six months. Government accounted for 14% of all data breaches, which was the same as the previous six months, but represented 57% of compromised records. Financial services companies accounted for 12% of all data breaches, a 4% decline compared to the previous six months, but accounted for just 2% of compromised data records. Retail accounted for 11% of data breaches, and declined 6% versus the previous six months, and accounted for 3% of compromised data records. Education accounted for 11% of data breaches and represented less than one percent of all compromised records. All other industries represented 16% of data breaches and 16% of compromised data records.
In terms of the top three geographic regions for reported data breaches, 79% were in North America, 9% were in Europe, and 8% were in Asia-Pacific.
“As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches,” says Hart. “News reports fail to make these distinctions, but they are important to understand because each has different consequences.
“A breach involving 100-million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain.
“In this increasingly digital world, companies, organisations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach.
“That is why more focus needs to be on understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves.”